40 terms

EIWS COMMON CORE (106 Security)

106.1 Discuss the purpose of personnel security
To authorize initial and continued access to classified information and/or initial and continued assignment to sensitive duties to those persons whose loyalty, reliability and trustworthiness are such that entrusting them with classified information or assigning them to sensitive duties is clearly consistent with the interests of national security
106.2 Define the following classification categories, how they differ, and the color codes used to identify each one
TOP SECRET - cause exceptionally grave damage to the national security. Color Code is Orange

SECRET - cause serious damage to the national security. Color Code is Red

CONFIDENTIAL - cause damage to the national security. Color Code is Blue

UNCLASSIFIED - cause little to no damage to the national security. Color Code is Green
106.3 Explain what is meant by 'need to know'
You have a need to use the information in completion of your duties
106.4 State the type of investigation and how often it is updated for access to the following classification levels
Top Secret - Favorably completed SSBI, SSBI-PR or PPR. The SSBI must be updated every five years by a PR

Secret - Favorably completed SSBI, SSBI-PR or PPR.

Confidential - Favorably completed NACLC or ANACI.

SCI - Favorably adjudicated SSBI. A SSBI-PR is required to be submitted every five years
106.5 Identify what a SAER is and its purpose
Security Access Eligibility Report: Used to identify an incident or any change in eligibility if an employee is still eligible for the security clearance
106.6 Identify the events that should be reported to the SSO
1. Involvement in activities or sympathetic association with persons which/who unlawfully practice or advocate the overflow or alteration of the United States Government by unconstitutional means

2. Foreign influence concerns/close personal association with foreign nationals, Foreign citizenships, or foreign monetary interests

3. Sexual behavior that is criminal or reflects a lack of judgment or discretion

4. Unwillingness to comply with rules and regulations or to cooperate with security processing

5. Change of Marital Status or Marriage/Cohabitation with a foreign national
106.7 Identify who has overall authority of, and controls access to, a SCIF
The Special Security Officer (SSO) will be responsible for the operation of the Sensitive Compartmented Information Facility (SCIF) and the security control and use of the SCIF
106.8 Identify the use of the following forms
SF 700: Security Container Information; this form contains vital information about the security container in which it is located

SF 701: Activity Security Checklist; this form is a checklist that is filled out at the end of each day to insure that classified materials are secured properly

SF 702: Security Container Check Sheet; this form provides a record of the names and times that persons have opened, closed and checked a particular container that holds classified information

SF 703: Top Secret Cover Sheet (Orange); this form is used as a cover sheet for Top Secret documents

SF 153: COMSEC Material Report; according to GSA, it is no longer in available for order through their archives

SF 312: Classified Information Nondisclosure Agreement; this form provides is a contractual agreement between the U.S. Government and a cleared employee that must be executed as a condition of access to classified information
106.9 State when safe combinations should be changed
1. When first placed in use
2. When an individual knowing the combination no longer requires access unless other sufficient controls exist to prevent access to the lock
3. When subjected to compromise
4. When taken out of service. Built-in combination locks will then be reset to the standard combination 50-25-50; combination padlocks will be reset to the standard combination 10-20-30
106.10 State the responsibilities of the DDA
The Designated Disclosure Authority has the authority and responsibility to control disclosures of Classified Military Information and Controlled Unclassified Information to foreign governments and international organizations and their representatives or persons sponsored by them
106.11 State the purpose of the DCS
The DCS establishes, staffs, operates, and maintains an international network of couriers and courier stations for the expeditious, cost effective, and secure transmission of qualified classified documents and material
106.12 Describe the procedures for preparing hard copy classified material for transportation via
1. No item entering the DCS shall weigh over 300 pounds, or exceed dimensions 45 1/2" X 26" X 22"
2. Items shall be addressed with the standardized DCS two-line address; the Army/Air Post Office, the Fleet Post Office, and the street addresses shall not be used
3. Envelopes, labels, or tags with visible "postage and fees paid" indicia shall not be used
4. Security classification markings, special security caveats, and other Extraneous markings must not appear on the outer wrapper
5. Nickname and/or special project markings previously approved by the DCS must be placed on the outer wrapper
6. Detailed information on wrappings, marking, and preparing material for movement is available from the servicing DCS station
7. Packaging Material: Generally, all packaging materials are permissible if they afford contents with concealment and protection, preclude physical and/or visual access, are sturdy, and pose no hazard to handlers


1. Classified information shall be packaged so that classified text is not in direct contact with the inner envelope or container
2. Enclose classified information transported outside the command in two opaque, sealed covers durable enough to conceal and protect it from inadvertent exposure or tampering
3. If the classified information is an internal component of a package able item of equipment, the outside shell or body may be considered as the inner cover
4. If the classified information is an inaccessible internal component of a bulky item of equipment, outside or body of the item may be considered a sufficient cover provided observation does not reveal classified information
5. If the classified information is an item of equipment that is not reasonably package able and the shell or body is classified, it shall be concealed with an opaque covering that conceals all classified features
6. Specialized shipping containers, including closed cargo transporters, may be considered the outer wrapping or cover when used
106.13 State the responsibilities of the TSCO
1. Maintain a system of accountability (e.g., registry) to record the receipt, reproduction, transfer, transmission, downgrading, declassification and destruction of command Top Secret information, less SCI and other special types of classified information
2. Ensure that inventories of Top Secret information are conducted at least once annually, or more frequently when circumstances warrant
106.14 State the THREATCON recognition and Force Protection levels and discuss what each represents
FPCON NORMAL describes a situation or no current terrorist activity
FPCON ALPHA describes a situation where there is a small and general terrorist activity that is not predictable
FPCON BRAVO describes a situation with somewhat predictable terrorist threat
FPCON CHARLIE describes a situation when an instance occurs or when intelligence reports that there is terrorist activity imminent
FPCON DELTA describes a situation when a terrorist attack is taking place or has just occurred
106.15 Define the following terms
RAM - Random Antiterrorism Measures
PSP - Personnel Security Program (PSP) is to authorize initial and continued access to classified information and/or initial and continued assignment to sensitive duties to those persons whose loyalty, reliability and trustworthiness are such that entrusting them with classified information or assigning them to sensitive duties is clearly consistent with the interests of national security
ATFP - Anti-terrorism and force protection is a security program designed to protect military personnel, civilian employees, family members, facilities, and equipment in all locations and situations
106.16 Explain and state the purpose of an EAP
Emergency Action Plan (EAP) is utilized when anticipating natural disasters. Maintain an up-to-date, written Emergency Action Plan for the protection of COMSEC material appropriate for natural disasters likely to occur in their region
106.17 Explain and state the purpose of Emergency Destruction Procedures
Emergency Destruction Procedures (EDP) are utilized when anticipating a hostile action. Planning for hostile actions must concentrate on procedures to safely evacuate or securely destroy the COMSEC material, to include providing for the proper type and a sufficient number of destruction devices to carry out emergency destruction
106.18 State who can give the order to initiate Emergency Destruction
The Commanding Officer/OIC or official responsible for safeguarding COMSEC material
106.19 Explain how, and in what order, material is destroyed during Emergency Destruction
Priority One: All cryptographic equipment and documents
Priority Two: All operational SCI code word material which might divulge targets and successes, documents dealing with U.S. SCI activities and documents concerning compartmented projects and other sensitive intelligence materials and TOP SECRET collateral
Priority Three: Less sensitive administrative SCI material and collateral classified material not included above
106.20 Define SCI
Sensitive Compartmented Information: Classified information concerning or derived from intelligence sources, methods, or analytical processes which is required to be handled within formal access
106.21 List the items prohibited in a SCIF and the security risks associated with them
No devices that transmits, receives, records or stores data is authorized into a SCIF without prior approval
No photography in or around a SCIF is allowed without CO approval
The ISSM must approve ALL IT software prior to its use in a SCIF
106.22 Define the difference between a security violation and a practice dangerous to security
A security violation is when actual compromise or loss of material has occurred. Whereas a practice dangerous to security is someone who does not follow proper security procedures
106.23 Explain the security requirements for the following
Inside U.S

1. Must meet the specifications for Permanent Dry Wall Construction

2. Must be alarmed

3. SCI must be stored in GSA approved security containers

4. There must be a response force capable of responding to an alarm within 15 minutes after annunciation and a reserve response force available to assist the responding force

5. The CSA may require any SCIF perimeter walls accessible from exterior building ground level to meet the equivalent protection afforded by construction requirement

Outside U.S.
1. Must meet the construction specifications for SCIFs

2. The SCIF must be alarmed.

3. All SCI controlled material will be stored in GSA-approved containers having a rating for both forced and surreptitious entry equal to or exceeding that afforded by Class 5 containers.

4. There must be a response force capable of responding to an alarm within 10 minutes and a reserve response force available to assist the responding force.

1. Ground-based T-SCIFs may be established in hardened structures (e.g., buildings, bunkers) or semi-permanent structures (e.g., truck-mounted or towed military shelters, prefabricated buildings, tents).

2. Permanent-type hardened structures shall be used to the greatest extent possible
When possible, T-SCIFs shall be established within the perimeters of U.S.-controlled areas or compounds.

3. If a U.S.-controlled area or compound is not available, the T-SCIF shall be located within an area that affords the greatest degree of protection against surreptitious or forced entry

4. When a T-SCIF is in operation, the perimeter of its immediate area shall be observed and protected by U.S. guards with U.S. SECRET clearances. Guards shall be equipped with emergency communication devices and, if necessary, with weapons

5. During non-operational hours, the T-SCIF shall be provided security protection in accordance with AO guidelines

6. The T-SCIF shall have only one entrance which shall be controlled during hours of operation by an SCI indoctrinated person using an access roster
106.24 Explain vault recertification and recurring inspections
The container or vault door must be inspected and recertified by a person specifically trained and authorized by the GSA before it can be used to protect classified material

Upon completion a label will be applied and the container/vault door is then considered authorized for storage/protection of classified material

If the container fails inspection, it must be repaired in accordance with Federal Standard 809 before the recertification label can be applied
106.25 Discuss the need for access lists, required documentation logs, and two-person integrity
Access Lists are lists that specify who or what is allowed to access the object or place of interest
106.26 Explain the DoD escort policy
If an escort is required for the visitor, a military, civilian or a cleared contractor assigned to the command being visited may be assigned escort duties.

As a matter of convenience and courtesy, flag officers, general officers and their civilian equivalents are not required to sign visitor records or display identification badges when being escorted as visitors
106.27 Discuss the procedures for sanitizing an area
- Secure all classified material in approved containers
- Turn off all monitors that may be displaying classified material
- Ensure that no one is discussing anything classified.
- Ensure that the visitor has an escort
106.28 Discuss each of the following, giving their definition and the purpose of each
COMSEC - Communications Security material is that material used to protect U.S. Government transmissions, communications, and the processing of classified or sensitive unclassified information related to national security from unauthorized persons

INFOSEC - Information Security is the protection of information systems against (1) unauthorized access to or modification of information, (2) denial of service to authorized users and (3) provision of service to unauthorized users

COMPUSEC - Computer Security is the protection of computing systems against threats to confidentiality, integrity, availability, and accountability
106.29 State the purpose of the ICD system
Intelligence Community Directive, the principal means by which the DNI provides guidance, policy, and direction to the Intelligence Community
106.30 Identify SSO Navy
Designated as the Cognizant Security Authority (CSA). As CSA, SSO Navy is responsible for implementing SCI security policy and procedures and performs management and oversight of the Department's SCI security program
106.31 List the duties and responsibilities of the SSO
1. principal advisor on the SCI security program in the command and is responsible to the commanding officer for the management and administration of the program

2. ensure effective management of the command's SCI security program

3. the operation of the Sensitive Compartmented Information Facility (SCIF) and the security control and use of the SCIF
106.32 Identify who can be a CSM
Must be an officer or a civilian employee, GS-11 or above, with sufficient authority and staff to manage the program for the command. Must be a U.S. citizen and have been the subject of a favorably adjudicated Single Scope Background Investigation
106.33 State the duties and responsibilities of a CSM
- Serve as the principal advisor and representative to the commanding officer in matters pertaining to the classification, safeguarding, transmission, and destruction of classified information.
- Develop a written command security instruction to include provisions for safeguarding classified information during military operations or emergency situations.
- Ensure that personnel in the command who perform security duties are kept abreast of changes in policies and procedures, and provide assistance in problem solving.
- Formulate, coordinate, and conduct the command security education program.
- Ensure that threats to security and other security violations are reported, recorded, and when necessary investigated.
- Ensure that all security violations or incidents involving the possible compromise of classified information, to include those involving information technology (IT) systems, are investigated and reported
- Coordinate the preparation and maintenance of security classification guides under the command's cognizance.
- Maintain liaison with the command Public Affairs Officer (PAO) to ensure that proposed press releases and information intended for public release are subjected to a security review
- Coordinate with other command officials regarding security measures for the classification, safeguarding, transmission and destruction of classified information.
- Develop security measures and procedures regarding visitors who require access to classified information.
- Ensure that classified information is secured and controlled areas are sanitized when a visitor is not authorized access.
- Implement and interpret, as needed, regulations governing the disclosure of classified information to foreign governments. - Ensure compliance with the requirements of SECNAV M-5510.36 when access to classified information is provided at the command to cleared contractors in connection with a classified contract.
106.34 Explain and state the purpose of JPAS
1. The Joint Personnel Adjudication System (JPAS) is a DoD system that uses NIPRNET to connect all DoD security personnel around the world with their Central Adjudication Facility (CAF)

2. JPAS is the Department of Defense (DoD) personnel security clearance and access database

3. JPAS is the system of record for personnel security adjudication, clearance and verification and history
106.35 Explain and state the responsibilities of DONCAF
The Department of the Navy Central Adjudication Facility (DONCAF), is a Naval Criminal Investigative Service (NCIS) organization, and is responsible for determining who within the Department of the Navy is eligible to hold a security clearance, to have access to Sensitive Compartmented Information (SCI), or to be assigned to sensitive duties
106.36 Discuss how long a Commanding Officer can administratively suspend access before DONCAF revokes a clearance
Suspension of SCI access will not exceed 90 days without the express consent of the SOIC or designee
106.37 State the levels of INFOCON and what each signifies
INFOCON 5: Normal Readiness Procedures

INFOCON 4: Increased Military Vigilance Procedures

INFOCON 3: Enhanced Readiness Procedures

INFOCON 2: Greater Readiness Procedures

INFOCON 1: Maximum Readiness Procedures
106.38 Discuss the security rules and procedures for magnetic and electronic media
1. Clearing
2. Sanitizing
3. Destruction
4. Declassification
106.39 Explain why the U.S. Navy only uses ".mil" email addresses on government systems
All generic TLDs are international in nature, with the exception of two (.MIL and .GOV) that are restricted to use by entities in the United States. The U.S. Department of Defense has exclusive use of this domain.